It has been a while since I had done all that, and the other poster jogged my memory a bit. I had also done recipient filtering, and I believe that it will help your problem, too. That said, I am very fond of the IronMail appliance and appreciate the workload that it takes off the Exchange server and our bandwidth. Again, just dropping connections from known spammers eliminates a lot of traffic.
________________________________
From: Bill Songstad (WCUL) [mailto:administra...@waleague.org]
Sent: Wednesday, August 19, 2009 1:47 PM
To: MS-Exchange Admin Issues
Subject: RE: NDRs backscatter and such

I do have tarpitting enabled, and it helped a bit. But my Antispam solution is signature based. I have considered implementing SPF solutions, but many of our clients have domains that don't comply, so that would cause more trouble.

Bill

From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Wednesday, August 19, 2009 10:31 AM
To: MS-Exchange Admin Issues
Subject: RE: NDRs backscatter and such

You can use "tarpitting" to help foil the spammers sending to non-existent addresses, and that may help some. However, I humbly suggest that you need an anti-spam solution that handles this. Like you, my queue used to be monopolized by attempted NDRs to non-existent domains. Since implementing an anti-spam appliance (IronMail), no such problems. The appliance is in the class of devices that track malicious behavior instead of (only) trying to determine if something is spam by the content of the message. A large percentage of connection attempts are rejected before they start, because they come from known bad addresses.

Bill Mayo

________________________________
From: Bill Songstad (WCUL) [mailto:administra...@waleague.org]
Sent: Wednesday, August 19, 2009 1:25 PM
To: MS-Exchange Admin Issues
Subject: NDRs backscatter and such

Okay, backscatter is an annoyance at the very least. So I want to do something about it. My messaging queue is 90% NDRs to domains and subdomains with no MX records. Of course the easy solution is to just uncheck "allow Non-Delivery reports" in Internet Messaging formats within ESM. But my organization provides research services via email request to thousands of members. Sometimes the members just fire off an email to the researcher who helped them last time. But, that researcher may be gone from the organization.

So how do you have the NDR functionality without feeding the spammers and contributing to backscatter?

Just trying to brainstorm here

Bill